One benefit of standardization within any domain is the regularity and commonality that makes product development more cost efficient. For example, the “learning curve” for design techniques can be amortized across a number of products and product releases, thus reducing the overall development cost. Manufacturing efficiencies may also be achieved. For example, common parts and/or components may be used for construction. This commonality allows the manufacturing to be organized in such a fashion as to exploit a common infrastructure as well as purchases of the common elements in volume that may also reduce the overall system cost. Furthermore, when a standard is adopted, the end-users of a standardized product line may become productive more quickly. One reason is the “learning curve” for their product usage is reduced since the end-users may already be familiar with a given model or a previous version that is substantially similar.
In addition to benefits in development and usage, another benefit to standardization exists in maintenance across product lines. One reason is that the maintenance of standardized product lines becomes easier since there is a common, standard model for the range of products. Although the discussion above is most relevant to physical (e.g., hardware) manufacturing, it is certainly true that all these points are also applicable to the development of widely used software applications.
Unfortunately, there are several problems that may occur with standardization in both physical manufacturing and software applications. One problem with standardization has to do with defects. If the standard model used for manufacturing has a defect, then all of the reproduced instances of the model will share the common defect. This is especially problematic in ubiquitous software environments. When a security defect becomes public knowledge, then hackers may exploit the vulnerability in system instances that have not had the defect repaired.
The use of a standard operating environment across the millions of machines in use today has created a computational monoculture. Another problem with computational monocultures has to do with the operation of malicious programs. By definition, a program that works on one instance of a standard environment will work on any instance of that environment.
Computer viruses exploit the computational mono-culture in two ways: (1) publicly revealed security breaches are likely to be uncorrected in a large percentage of machines which are operated by security illiterate individuals; and (2) any malicious program (payload) built to exploit the breach will probably run on a large number (millions) of machines with the installed software. Once a computer virus gets past the security perimeter of the victim machine, the payload (a program) may divert the victim machine to the virus writer's intentions. For example, the victim machine may be used for the malicious destruction of information (vandalism), identity theft, espionage (theft of intellectual property), use of the victim computer as a zombie, for use in distributing spam, or to participate in a coordinated distributed denial of service (DDOS) attack.
The effort to develop and distribute a computer virus is facilitated by the computational monoculture that currently exists. Although the effort to build a single virus instance (which can bypass existing security capabilities) may be high, the effort is rewarded because the virus can propagate across the monoculture. This is one of the inherent problems of standardization of computer platforms.
In addition to the problem of standardization of computer platforms, a social engineering aspect of computer security exists which cannot be easily solved simply through technical means. For example, individuals can be deceived by an attacker to reveal information that might permit a hacker to breach a security perimeter. When such a breach is achieved upon the given machine, the payload may propagate across other machines that share a common network with the breached machine.
Current anti-virus software has provided one possible solution to protecting computers from attacks. However, one problem with the current anti-virus software is the problem of trying to detect malicious patterns in programs from the range of possible patterns found within all programs. Most anti-virus programs are inherently reactive, since a pattern is only known about after an infection has been established, recorded and analyzed. In addition, the failure of anti-virus systems may be expensive. Hence, the current limitations of the current anti-virus software with their system of updates of the virus pattern set, the computational overhead of continually scanning the computer to search for malicious patterns, and the expense of failure are significant limitations in the protection of computer systems.
Note that it is impossible to completely secure a computer against all forms of malware infestation, especially when physical access to the target computer is provided to the cracker, and when social engineering techniques can be brought to bear upon the target.